Merge branch 'privilegebits' into 'master'

grammmike · grammmike · commit a9cb4a48b7de · 2025-01-17T19:26:31.000Z
Check privilege bits whether the user is allowed for grommunio-sync

See merge request grommunio/grommunio-sync!99
diff --git a/lib/grommunio/grommunio.php b/lib/grommunio/grommunio.php
@@ -3049,22 +3049,24 @@ private function getAddressbookDir() {
 	private function isGSyncEnabled() {
 		$addressbook = $this->getAddressbook();
 		// this check needs to be performed on the store of the main (authenticated) user
-		$store = $this->storeCache[$this->mainUser];
-		$userEntryid = mapi_getprops($store, [PR_MAILBOX_OWNER_ENTRYID]);
-		$mailuser = mapi_ab_openentry($addressbook, $userEntryid[PR_MAILBOX_OWNER_ENTRYID]);
-		$enabledFeatures = mapi_getprops($mailuser, [PR_EC_DISABLED_FEATURES]);
-		if (isset($enabledFeatures[PR_EC_DISABLED_FEATURES]) && is_array($enabledFeatures[PR_EC_DISABLED_FEATURES])) {
-			$mobileDisabled = in_array(self::MOBILE_ENABLED, $enabledFeatures[PR_EC_DISABLED_FEATURES]);
-			$deviceId = Request::GetDeviceID();
-			// Checks for deviceId present in zarafaDisabledFeatures LDAP array attribute. Check is performed case insensitive.
-			$deviceIdDisabled = (($deviceId !== null) && in_array($deviceId, array_map('strtolower', $enabledFeatures[PR_EC_DISABLED_FEATURES]))) ? true : false;
-			if ($mobileDisabled) {
-				throw new FatalException("User is disabled for grommunio-sync.");
-			}
-			if ($deviceIdDisabled) {
-				throw new FatalException(sprintf("User has deviceId %s disabled for usage with grommunio-sync.", $deviceId));
+		$storeProps = mapi_getprops($this->storeCache[$this->mainUser], [PR_MAILBOX_OWNER_ENTRYID, PR_EC_ENABLED_FEATURES_L]);
+		$mobileDisabled = !($storeProps[PR_EC_ENABLED_FEATURES_L] & UP_EAS);
+		if (!$mobileDisabled) {
+			$mailuser = mapi_ab_openentry($addressbook, $userEntryid[PR_MAILBOX_OWNER_ENTRYID]);
+			$enabledFeatures = mapi_getprops($mailuser, [PR_EC_DISABLED_FEATURES]);
+			if (isset($enabledFeatures[PR_EC_DISABLED_FEATURES]) && is_array($enabledFeatures[PR_EC_DISABLED_FEATURES])) {
+				$mobileDisabled = in_array(self::MOBILE_ENABLED, $enabledFeatures[PR_EC_DISABLED_FEATURES]);
+				$deviceId = Request::GetDeviceID();
+				// Checks for deviceId present in zarafaDisabledFeatures LDAP array attribute. Check is performed case insensitive.
+				$deviceIdDisabled = (($deviceId !== null) && in_array($deviceId, array_map('strtolower', $enabledFeatures[PR_EC_DISABLED_FEATURES]))) ? true : false;
+				if ($deviceIdDisabled) {
+					throw new FatalException(sprintf("User has deviceId %s disabled for usage with grommunio-sync.", $deviceId));
+				}
 			}
 		}
+		if ($mobileDisabled) {
+			throw new FatalException("User is disabled for grommunio-sync.");
+		}
 
 		return true;
 	}
